Incident: "Boeing 777 Engine Failure Due to Ice Contamination Impact"

Published Date: 2010-02-09

Postmortem Analysis
Timeline 1. The software failure incident involving the Boeing 777 of British Airways due to fuel system icing occurred on January 17, 2008 [826].
System unknown
Responsible Organization unknown
Impacted Organization 1. Passengers and crew of the Boeing 777 operated by British Airways were impacted by the software failure incident [826].
Software Causes unknown
Non-software Causes 1. Formation of ice in the fuel system due to water present in the aviation fuel [826] 2. Malfunction of the heat exchanger in the engine due to interaction between soft ice and fuel cooled to a temperature below -10C [826]
Impacts unknown
Preventions 1. Implementing regular checks and procedures to prevent ice formation in the fuel systems of aircraft, as highlighted in the investigation report [826]. 2. Updating flight manuals and instructions to include the necessity of checking for the possibility of ice formation in fuel systems, as this was not mentioned in the flight manuals at the time of the incident [826]. 3. Enhancing the monitoring systems to detect engine issues earlier, as the crew only noticed the engine problem 43 seconds before landing [826].
Fixes 1. Implementing a system to detect and prevent ice formation in the fuel system of aircraft, as the incident involving the Boeing 777 of British Airways was caused by ice clogging the fuel system [826]. 2. Updating flight manuals and procedures to include checks for the possibility of ice formation in fuel systems, as the investigation revealed that flight manuals did not mention the need to check for ice formation in fuel systems [826]. 3. Enhancing communication protocols between the flight crew, cabin crew, and passengers to ensure timely dissemination of critical information in case of emergencies, as there was a delay in informing passengers about the emergency during the evacuation process [826].
References 1. The articles gather information about the software failure incident from the Investigative Department of Aviation Incidents (AAIB) [Article 826].

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown <Article 826> does not mention any software failure incident related to the options provided. Therefore, the information about the software failure incident happening again at one organization or multiple organizations is unknown based on this article.
Phase (Design/Operation) design Unknown
Boundary (Internal/External) within_system The software failure incident related to the "Boeing-777" incident reported in Article 826 was primarily within the system. The incident was caused by the clogging of the fuel system with ice, leading to the loss of thrust in both engines. The investigation highlighted that the risk of ice formation in the fuel systems was not considered a potential risk at that time, and safety requirements did not account for such a phenomenon [826]. The failure was attributed to internal factors within the aircraft's fuel system design and operational procedures, rather than external factors beyond the control of the system.
Nature (Human/Non-human) unknown The articles do not mention any software failure incident related to non-human_actions or human_actions.
Dimension (Hardware/Software) unknown The articles do not mention any software failure incident related to hardware or software issues. Therefore, the information about the software failure incident related to hardware or software is unknown.
Objective (Malicious/Non-malicious) unknown <Article 826> does not mention any software failure incident related to a malicious or non-malicious objective. Therefore, the information about the software failure incident related to these options is unknown.
Intent (Poor/Accidental Decisions) unknown unknown
Capability (Incompetence/Accidental) unknown Unknown
Duration unknown <Article 826> does not mention any software failure incident related to a permanent or temporary duration. Therefore, the information about the duration of the software failure incident in the context of permanent or temporary failure is unknown.
Behaviour other (a) crash: The incident described in the article does not involve a software crash but rather a failure in the fuel system of a Boeing 777 aircraft leading to the loss of engine power [826]. (b) omission: The incident does not involve a software omission but rather a failure in the fuel system of the aircraft due to ice clogging the fuel system, leading to the loss of engine power [826]. (c) timing: The incident does not involve a timing issue related to software but rather a critical failure in the fuel system of the aircraft just 43 seconds before landing, leading to the loss of engine power [826]. (d) value: The incident does not involve a software value issue but rather a failure in the fuel system of the aircraft due to ice clogging the fuel system, leading to the loss of engine power [826]. (e) byzantine: The incident does not involve a byzantine behavior related to software but rather a failure in the fuel system of the aircraft due to ice clogging the fuel system, leading to the loss of engine power [826]. (f) other: The behavior of the incident is related to a critical failure in the fuel system of the Boeing 777 aircraft, specifically the clogging of the fuel system with ice, which was not considered a risk at the time and led to the loss of engine power during landing [826].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence no_consequence, unknown The articles do not mention any software failure incident.
Domain unknown <Article 826> does not mention any software failure incident related to any specific industry. Therefore, the industry that the failed system was intended to support remains unknown.

Sources

Back to List